List of Configuration Issues in USM Anywhere

The following is a table that includes all configuration issues you can find in USM Anywhere.

List of Configuration Issues in USM Anywhere

Category

Subcategory

Protocol (Port)

Description

Global access to administration port

SSH

TCP (22)

Global access to the SSH port has been defined within this security group. This should be restricted to the IP Range of the company

Global access to internal port

DNS (UDP)

UDP (53)

Global access to the DNS port has been defined within this security group

Global access to internal port

DNS (TCP)

TCP (53)

Global access to the DNS port has been defined within this security group

Global access to internal port

Mini SQL

TCP (4333)

Global access to the MSQL port has been defined within this security group. This should be an internally facing port only

Global access to internal port

SQL Server (UDP Port)

UDP (1434)

Global access to the SQL Server port has been defined within this security group. This should be an internally facing port only

Global access to internal port

SQL Server (TCP Port)

TCP (1433)

Global access to the SQL Server port has been defined within this security group. This should be an internally facing port only

Global access to internal port

PostgreSQL Server

TCP (5432)

Global access to the PostgreSQL port has been defined within this security group. This should be an internally facing port only

Global access to internal port

MySQL Server

TCP (3306)

Global access to the MySQL port has been defined within this security group. This should be an internally facing port only

Global access to internal port

Syslog

UDP (514)

Global access to the Syslog port has been defined within this security group. This should be an internally facing port only

Global access to internal port

rsync

TCP (873)

Global access to the rsync port has been defined within this security group. This should be an internally facing port only

Global access to internal port

MongoDB (UDP)

UDP (27017)

Global access to the MongoDB port has been defined within this security group. This should be an internally facing port only

Global access to internal port

MongoDB (TCP)

TCP (27017)

Global access to the MongoDB port has been defined within this security group. This should be an internally facing port only

Global access to internal port

CouchDB (UDP)

UDP (5984)

Global access to the CouchDB port has been defined within this security group. This should be an internally facing port only

Global access to internal port

CouchDB (TCP)

TCP (5984)

Global access to the CouchDB port has been defined within this security group. This should be an internally facing port only

Global access to administration port

VNC Server

TCP (5900)

Global access to the VNC Server port has been defined within this security group. This should be restricted to a company owned CIDR

Global access to administration port

VNC Listener

TCP (5500)

Global access to the VNC Listener port has been defined within this security group. This should be restricted to a company owned CIDR

Global access to administration port

Windows RPC

TCP (135)

Global access to the Windows RPC port has been defined within this security group. This should be restricted to a company owned CIDR

Global access to administration port

Windows Remote Desktop

TCP (3389)

Global access to the Windows Remote Desktop port has been defined within this security group. This should be restricted to a company owned CIDR

Global access to administration port

Telnet

TCP (23)

Global access to the Telnet port has been defined within this security group. This should be restricted to a company owned CIDR

Global access to administration port

X11 (TCP)

TCP (6000)

Global access to the X11 port has been defined within this security group. This should be restricted to a company owned CIDR

Global access to administration port

X11 (UDP)

UDP (6001)

Global access to the X11 port has been defined within this security group. This should be restricted to a company owned CIDR

Global access to service port

SMTP

TCP (25)

Global access to the SMTP port has been defined within this security group. This should be restricted to a company owned CIDR

Global access to service port

FTP

TCP (21)

Global access to the FTP port has been defined within this security group. This should be restricted to a company owned CIDR

Global access to service port

FTP Data

TCP (20)

Global access to the FTP (data) port has been defined within this security group. This should be restricted to a company owned CIDR

Global access to service port

CIFS

UDP (445)

Global access to the CIFS port has been defined within this security group. This should be restricted to a company owned CIDR

Global access to service port

NetBios (Named Services)

UDP (137)

Global access to the NetBios (Named Services) port has been defined within this security group. This should be restricted to a company owned CIDR

Global access to service port

NetBios (Datagram Services)

UDP (138)

Global access to the NetBios (Datagram Services) port has been defined within this security group. This should be restricted to a company owned CIDR

ICMP globally permitted

ICMP

ICMP

ICMP is globally permitted

Global access to service port

All TCP Ports Open

TCP (1)

All TCP ports have been explicitly permitted by this security group. Access to your system should be restricted to the minimal set of TCP ports you require to access for operation. In addition, ensure ports that are for administrative access or do not require global access should be restricted to a company owned CIDR

Global access to service port

All UDP Ports Open

UDP (1)

All UDP ports have been explicitly permitted by this security group. Access to your system should be restricted to the minimal set of UDP ports you require to access for operation. In addition, ensure ports that are for administrative access or do not require global access should be restricted to a company owned CIDR